cyonjan/WeChatFerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Impl get_contacts

Browse Source
This commit is contained in:
Changhua 2024-06-23 19:38:15 +08:00
parent ad848b69f1
commit 4554f2376a
2 changed files with 30 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
WeChatFerry/spy/contact_mgmt.cpp
View File

@ -7,19 +7,22 @@
using namespace std; using namespace std;
extern WxCalls_t g_WxCalls; extern WxCalls_t g_WxCalls;
extern UINT64 g_WeChatWinDllAddr; extern QWORD g_WeChatWinDllAddr;
#if 0
typedef QWORD (*funcGetContactMgr_t)();
typedef QWORD (*funcGetContactList_t)(QWORD, QWORD);
#define FEAT_LEN 5 #define FEAT_LEN 5
static const uint8_t FEAT_COUNTRY[FEAT_LEN] = { 0xA4, 0xD9, 0x02, 0x4A, 0x18 }; static const uint8_t FEAT_COUNTRY[FEAT_LEN] = { 0xA4, 0xD9, 0x02, 0x4A, 0x18 };
static const uint8_t FEAT_PROVINCE[FEAT_LEN] = { 0xE2, 0xEA, 0xA8, 0xD1, 0x18 }; static const uint8_t FEAT_PROVINCE[FEAT_LEN] = { 0xE2, 0xEA, 0xA8, 0xD1, 0x18 };
static const uint8_t FEAT_CITY[FEAT_LEN] = { 0x1D, 0x02, 0x5B, 0xBF, 0x18 }; static const uint8_t FEAT_CITY[FEAT_LEN] = { 0x1D, 0x02, 0x5B, 0xBF, 0x18 };
static DWORD FindMem(DWORD start, DWORD end, const void *target, size_t len) static QWORD FindMem(QWORD start, QWORD end, const void *target, size_t len)
{ {
uint8_t *p = (uint8_t *)start; uint8_t *p = (uint8_t *)start;
while ((DWORD)p < end) { while ((QWORD)p < end) {
if (memcmp((void *)p, target, len) == 0) { if (memcmp((void *)p, target, len) == 0) {
return (DWORD)p; return (QWORD)p;
} }
p++; p++;
} }
@ -27,9 +30,9 @@ static DWORD FindMem(DWORD start, DWORD end, const void *target, size_t len)
return 0; return 0;
} }
static string GetCntString(DWORD start, DWORD end, const uint8_t *feat, size_t len) static string GetCntString(QWORD start, QWORD end, const uint8_t *feat, size_t len)
{ {
DWORD pfeat = FindMem(start, end, feat, len); QWORD pfeat = FindMem(start, end, feat, len);
if (pfeat == 0) { if (pfeat == 0) {
return ""; return "";
} }
@ -45,34 +48,27 @@ static string GetCntString(DWORD start, DWORD end, const uint8_t *feat, size_t l
vector<RpcContact_t> GetContacts() vector<RpcContact_t> GetContacts()
{ {
vector<RpcContact_t> contacts; vector<RpcContact_t> contacts;
DWORD call1 = g_WeChatWinDllAddr + g_WxCalls.contact.base; funcGetContactMgr_t funcGetContactMgr = (funcGetContactMgr_t)(g_WeChatWinDllAddr + 0x1C0BDE0);
DWORD call2 = g_WeChatWinDllAddr + g_WxCalls.contact.head; funcGetContactList_t funcGetContactList = (funcGetContactList_t)(g_WeChatWinDllAddr + 0x2265540);
int success = 0; QWORD mgr = funcGetContactMgr();
DWORD *addr[3] = { 0, 0, 0 }; QWORD addr[3] = { 0 };
__asm { if (funcGetContactList(mgr, (QWORD)addr) != 1) {
pushad LOG_ERROR("GetContacts failed");
call call1 return contacts;
lea ecx,addr
push ecx
mov ecx,eax
call call2
mov success,eax
popad
} }
DWORD pstart = (DWORD)addr[0]; QWORD pstart = (QWORD)addr[0];
DWORD pend = (DWORD)addr[2]; QWORD pend = (QWORD)addr[2];
while (pstart < pend) { while (pstart < pend) {
RpcContact_t cnt; RpcContact_t cnt;
DWORD pbin = GET_DWORD(pstart + 0x150); QWORD pbin = GET_QWORD(pstart + 0x200);
DWORD lenbin = GET_DWORD(pstart + 0x154); QWORD lenbin = GET_DWORD(pstart + 0x208);
cnt.wxid = GetStringByAddress(pstart + g_WxCalls.contact.wxId); cnt.wxid = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxId); // 0x10
cnt.code = GetStringByAddress(pstart + g_WxCalls.contact.wxCode); cnt.code = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxCode); // 0x30
cnt.remark = GetStringByAddress(pstart + g_WxCalls.contact.wxRemark); cnt.remark = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxRemark); // 0x80
cnt.name = GetStringByAddress(pstart + g_WxCalls.contact.wxName); cnt.name = GetStringByWstrAddr(pstart + g_WxCalls.contact.wxName); // 0xA0
cnt.country = GetCntString(pbin, pbin + lenbin, FEAT_COUNTRY, FEAT_LEN); cnt.country = GetCntString(pbin, pbin + lenbin, FEAT_COUNTRY, FEAT_LEN);
cnt.province = GetCntString(pbin, pbin + lenbin, FEAT_PROVINCE, FEAT_LEN); cnt.province = GetCntString(pbin, pbin + lenbin, FEAT_PROVINCE, FEAT_LEN);
@ -81,16 +77,17 @@ vector<RpcContact_t> GetContacts()
if (pbin == 0) { if (pbin == 0) {
cnt.gender = 0; cnt.gender = 0;
} else { } else {
cnt.gender = (DWORD) * (uint8_t *)(pbin + g_WxCalls.contact.wxGender); cnt.gender = (DWORD) * (uint8_t *)(pbin + g_WxCalls.contact.wxGender); // 0x0E
} }
contacts.push_back(cnt); contacts.push_back(cnt);
pstart += 0x438; pstart += 0x6A8; // 0x6A8
} }
return contacts; return contacts;
} }
#if 0
int AcceptNewFriend(string v3, string v4, int scene) int AcceptNewFriend(string v3, string v4, int scene)
{ {
int success = 0; int success = 0;

6
WeChatFerry/spy/rpc_server.cpp
View File

@ -129,7 +129,7 @@ bool func_get_msg_types(uint8_t *out, size_t *len)
return true; return true;
} }
#if 0
bool func_get_contacts(uint8_t *out, size_t *len) bool func_get_contacts(uint8_t *out, size_t *len)
{ {
Response rsp = Response_init_default; Response rsp = Response_init_default;
@ -149,7 +149,7 @@ bool func_get_contacts(uint8_t *out, size_t *len)
return true; return true;
} }
#endif
bool func_get_db_names(uint8_t *out, size_t *len) bool func_get_db_names(uint8_t *out, size_t *len)
{ {
Response rsp = Response_init_default; Response rsp = Response_init_default;
@ -872,12 +872,10 @@ static bool dispatcher(uint8_t *in, size_t in_len, uint8_t *out, size_t *out_len
ret = func_get_msg_types(out, out_len); ret = func_get_msg_types(out, out_len);
break; break;
} }
#if 0
case Functions_FUNC_GET_CONTACTS: { case Functions_FUNC_GET_CONTACTS: {
ret = func_get_contacts(out, out_len); ret = func_get_contacts(out, out_len);
break; break;
} }
#endif
case Functions_FUNC_GET_DB_NAMES: { case Functions_FUNC_GET_DB_NAMES: {
ret = func_get_db_names(out, out_len); ret = func_get_db_names(out, out_len);
break; break;